Skip to content

Article 29 GDPR — enforcement

Cited in 30 decisions · €12.8M total fines · median €40,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (11)

Date ↓ Company / party Authority Articles Fine
2021-11-26 Valoris Center S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €2,000
2021-09-16 Sky Italia S.r.l.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €3,296,326
2021-04-19 Lugera & Makler Broker S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €1,500
2021-02-10 ING Bank N.V. Amsterdam - Bucharest office
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €1,000
2020-07-13 Merlini s.r.l.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 28 €200,000